Saturday, November 29, 2014

Get old wifi password by command prompt






The netsh command is used in windows operating system.
By using this command you can get the information of the previously connected Wi-Fi on that particular system.
You can also get the passwords of those old SSID that were connected once.
The following steps are to be followed to get the password:

STEP 1: Go to run with administrative rights.
STEP 2: Type “cmd” and open command prompt.
STEP 3: In command prompt type “netsh” and press enter. You ll come under the “netsh” command prompt.


STEP 4: There type “wlan” and press enter. After this you will go into the “netsh wlan” command prompt.


STEP 5: Now to view all SSID list of previously connected wifi type
“show profile”
and it will display the whole list.


STEP 6: Now to know the key of a particular SSID then type 

show profile name=”<SSID name>” key=clear
 
Here, the “key=clear” command will force the command to display the key.


 STEP 7: To exit, directly close the command prompt or type exit.

Wednesday, November 26, 2014

Vitrual Keyboard

A Virtual Keyboard is a software component that allows a user to enter characters. A virtual keyboard can usually be operated with multiple input devices, which may include a touchscreen, an actual computer keyboard and a computer mouse.



On a desktop PC, one purpose of a virtual keyboard is to provide an alternative input mechanism for users with disabilities who cannot use, or do not have access to a physical keyboard. This is the basic thing.

Virtual keyboards can be categorized by the following aspects:
1. Physical keyboards with distinct keys comprising electronically changeable displays integrated in the keypads
2. Virtual keyboards with touchscreen keyboard layouts or sensing areas
3. Optically projected keyboard layouts or similar arrangements of "keys" or sensing areas
4. Optically detected human hand and finger motions
5. Virtual keyboards to allow input from a variety of input devices, such as a computer mouse, switch or other assistive technology device.

An optical virtual keyboard was invented and patented by IBM engineers in 2008. It optically detects and analyses human hand and finger motions and interprets them as operations on a physically non-existent input device like a surface having painted keys. In that way it allows to emulate unlimited types of manually operated input devices such as a mouse or keyboard. All mechanical input units can be replaced by such virtual devices, optimized for the current application and for the user's physiology maintaining speed, simplicity and unambiguity of manual data input.


VIRTUAL KEYBOARDS is a keyboard used as a most secure keyboard till now. This keyboard works virtually it is a on screen keyboard. Most of the bank prefer Virtual keyboard because if your system is infected some types of Trojans or key logger etc. so this will help you to protect from it. If you use virtual keyboard the keys which you pressed is not monitored or saved in key loggers.

Virtual keyboards may be used in some cases to reduce the risk of keystroke logging. For example, Westpac’s online banking service uses a virtual keyboard for the password entry, as does TreasuryDirect. It is more difficult for malware to monitor the display and mouse to obtain the data entered via the virtual keyboard, than it is to monitor real keystrokes. However it is possible, for example by recording screenshots at regular intervals or upon each mouse click.

This keyboard are very useful for everyone. We suggest to use this type of keyboard for doing secure login and signup or online transactions, etc.

Monday, November 24, 2014

Android Hacking


                      INFORMATION ON ANDROID HACKING


Here we will show you how to be safe and secure from the hackers while using smartphones. And in today’s mobile world, phone hacking is growing as a security issue. As people increasingly store sensitive data on their mobile devices, the opportunity to exploit privacy weaknesses becomes more tempting to unscrupulous frenemies, exes or the occasional stranger.



























The smartphones can be hacked easily. Hacking the android based smartphone is known as Android Hacking. You know that androids phones can be easily hack. There are many spy software used in android hacking. They are only just a mobile application but you cannot see them in the apps list or app menu but you can see this apps in WIDGETS of your smartphone.

Some of these applications are free.
Your full android mobile phone can hacked with these applications. The free application will not give you the full details of victim’s android smartphones phones. There are also paid application and with the help of those paid application the attackers can have full access of your android smartphones from your call logs, messages, your current locations, phone-book, etc. and the most important now-a-days is WhatsApp. It can sync all your cell phone data to attacker and many of this features are there. There is no need of hackers to do android hacking.

A simple human being who knows how to use these applications can hack your android phone because these applications has no commands to perform action, just it is installed in the victims mobile it will automatically transfer your phone calls details, message details, GPS, phone-book, etc. But these applications will only work when an internet is there.

How to avoid your smartphone from Android Hacking?


























1. First of all, do not give your mobile phone to unknown or untrusted person. 
2. Check your mobile phones every time you give to any of your friend or unknown person. 
3. Check your mobile phones applications and the most important thing WIDGETS. 
4. The chances for paid version applications are less because it’s only for fun so less attackers uses paid version. So to detect free applications is easy. 
5. If you find some unknown WIDGET or APPLICATION in the app list. Kindly uninstall it.
6. One important thing to say if any attackers installs this kind of applications in victim’s phone then he will get some type of information.
7. In case if it is an paid spy application, you be in a big problem because it will not display in your phone menu but if you have latest android version, i.e. Android 5.0 "Lollipop" version, it will show each and every application installed in your smartphone, though it is hidden.
8. Don’t keep private data in your phone for a long period of time. If and when hackers compromise your email account, the data will be lost to you, most probably permanently, and not even resetting your password and logging back into your account doesn’t let you access the information you left there earlier.
9. Also avoid using online banking over an unsecured public WiFi network. Also keep your Bluetooth turned off when you are not using it.


Sunday, November 23, 2014

Phishing - Smishing & Vishing

Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, banks, online payment processors or IT administrators are commonly used to lure unsuspecting public. Phishing emails may contain links to websites that are infected with malware.

Phishing emails may contain links to websites that are infected with malware. Phishing is typically carried out by email spoofing or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Phishing is an example of social engineering techniques used to deceive users, and exploits the poor usability of current web security technologies.

SMS Phishing or SMShing is a form of criminal activity using social engineering techniques. SMS phishing uses cell phone text messages to deliver the bait to induce people to divulge their personal information. The hook (the method used to actually capture people's information) in the text message may be a website URL, but it has become more common to see a telephone number that connects to an automated voice response system. 

The SMS phishing message usually contains something that demands the target's immediate attention.

Example:"We confirm that you have signed up for our dating service. You will be charged $2 a day unless you cancel your order on this URL: [URL]". Or (Name of popular online bank) confirms that you have purchased a computer from (name of popular computer company). Visit [URL] if you did not make this online purchase", and "(Name of a financial institution): Your account has been suspended. Call 0xxxxxxxxxx immediately to reactivate". The hook will be a seemingly legitimate website that asks you to "confirm" (enter) your personal financial information, such as your credit/debit card number, CVV code (on the back of your credit card), your ATM card PIN, SSN, email address, and other personal information.

If the hook is a phone number, it normally directs to a legitimate-sounding automated voice response system, similar to the voice response systems used by many financial institutions, which will ask for the same personal information.
This is an example of a (complete) SMS phishing message in current circulation: "Notice - this is an automated message from (a local credit union), your ATM card has been suspended. To reactivate call urgent [sic] at 866-###-####."

In many cases, the SMS phishing message will show that it came from "5000" instead of displaying an actual telephone number. This usually indicates the SMS message was sent by email to the cell phone rather than from another cell phone.
This information is then used to create duplicate credit/debit/ATM cards. There are documented cases where information entered on a fraudulent website (used in a phishing, SMS phishing, or voice phishing attack) was used to create a credit or debit card that was then used halfway around the world within 30 minutes.

Voice Phishing is the criminal practice of using social engineering over the telephone system to gain access to private personal and financial information from the public for the purpose of financial reward.
Voice Phishing is known as Vishing. The combination of both words Voice and phishing.
The Vishing is done for getting personal and financial details of the victim. Some of the fraudsters use Voice Over IP (VOIP) by this they can spoof their caller ID.

Voice phishing or Vishing is difficult for legal authorities to monitor or trace. To protect themselves, consumers are advised to be highly suspicious when receiving messages directing them to call and provide credit card or bank numbers — vishers can in some circumstances intercept calls that consumers make when trying to confirm such messages.
 
Example: In this case there are two character Attacker ‘A’& Victim ’B’. Now Attacker ‘A’ somehow contacted Victim ‘B’ with his number that is spoofed and telling u some banks name (My name is XYZ calling from bank) now he will tell you that your card has been blocked or some new schemes are available for you so you please provide your debit card number and if you give 14 digit number he will ask you for CVV number that is of 3 digit. So by mistake you will give your number to him and then he will ask you for your OTP if the facilities is activated, if not then your bank password used for online transection or for online shopping. So directly he will purchase something from website or he will transfer your money.

Another simple trick used by the fraudsters is to ask the called party to hang up and dial their bank - when the caller hangs up, the fraudster does not, keeping the line open and remaining connected when the victim picks up the phone to dial. When in doubt, calling a company's telephone number listed on billing statements or other official sources is recommended as opposed to calling numbers received from messages or callers of dubious authenticity.

However, sometimes hanging up and redialing is insufficient: if the caller has not hung up, the victim might still be connected and the fraudster spoofs a dial tone down the phone line when the victim dials and a fraudster accomplice answers and impersonates whoever the victim is trying to call. Hence consumers are advised to use a different phone when dialing a company's number to confirm.
 
What to do for not getting into scam?
1. First of all avoid giving your information on telephone. (Because the banks will never ask such details (your 14 digit debit card number and your 3 digit CVV number)
2. If you get such calls from the bank avoid that call or ignore it and don’t give your personal information to anyone.
 
If this happen, what to do?
1. Immediately contact to your banks toll free number and deactivate your Debit card or credit card so he will not be able to use your card again.
2. File a complaint against that calling number.

In-Session Phishing is a form of phishing attack which relies on one web browsing session being able to detect the presence of another session (such as a visit to an online banking website) on the same web browser, and to then launch a pop-up window that pretends to have been opened from the targeted session. This pop-up window, which the user now believes to be part of the targeted session, is then used to steal user data in the same way as with other phishing attacks.


The advantage of in-session phishing to the attacker is that it does not need the targeted website to be compromised in any way, relying instead on a combination of data leakage within the web browser, the capacity of web browsers to run active content, the ability of modern web browsers to support more than one session at a time, and social engineering of the user.